Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for recovering data, comprising: collecting one or more identity factors at a user device, wherein hashes of the one or more identity factors are configured to be stored at a server; generating at the user device a dynamic password based on the one or more identity factors and a Salt configured to be generated by the server and configured to be delivered to the user device, the generating the dynamic password including: generating a string including at least one of the one or more identity factors and one or more hashes of at least one of the one or more identity factors; and hashing the string using a hash algorithm; generating at the user device a data key and encrypting the data key using the dynamic password to generate an encrypted data key, wherein the encrypted data key is configured to be stored at the server; and encrypting at the user device one or more data items using the data key to generate one or more encrypted data items, wherein the one or more encrypted data items are configured to be stored at the server, wherein the one or more data items are recoverable by presenting the one or more identity factors to the server.
2. The method of claim 1, further comprising: collecting one or more regenerated identity factors at the user device and sending one or more hashes of the one or more regenerated identity factors to the server for comparison against the hashes of the one or more identity factors, wherein the Salt is configured to be delivered to the user device when the one or more hashes of the one or more regenerated identity factors closely match the hashes of the one or more identity factors; generating at the user device a recovered dynamic password based on the one or more regenerated identity factors and the Salt received from the server; decrypting at the user device using the recovered dynamic password the encrypted data key received from the server; and decrypting at the user device the one or more encrypted data items using the data key, the one or more encrypted data items being received from the server.
3. The method of claim 1, wherein the user device is a first user device, the method further comprising: collecting one or more regenerated identity factors at a second user device and sending one or more hashes of the one or more regenerated identity factors to the server for comparison against the hashes of the one or more identity factors, wherein the Salt is configured to be delivered to the second user device when the one or more hashes of the one or more regenerated identity factors closely match the hashes of the one or more identity factors; generating at the second user device a recovered dynamic password based on the one or more regenerated identity factors and the Salt received from the server; decrypting at the second user device using the recovered dynamic password the encrypted data key received from the server; and decrypting at the second user device the one or more encrypted data items using the data key, the one or more encrypted data items being received from the server.
4. The method of claim 1, wherein one of the one or more identity factors comprises a verifiable identity factor associated with an asset whose ownership is verifiable by the server, the method further comprising: sending from the user device to the server access information for accessing the asset, wherein the server delivers an authentication code to the asset; and sending from the user device the authentication code to the server for verification of ownership of the asset.
5. The method of claim 1, wherein one of the one or more identity factors comprises a verifiable identity factor associated with an asset whose ownership is verifiable by the server, the method further comprising: sending a message from the asset to the server, wherein the message includes asset identifying information of the asset.
6. The method of claim 1, wherein each of the data key and the Salt is a randomly generated number.
7. The method of claim 3, further comprising: capturing at the first user device an original image of a user; generating a facial recognition key at the first user device, wherein the facial recognition key comprises a random number; generating at the first user device an encrypted facial recognition key using the dynamic password, wherein the encrypted facial recognition key is configured to be stored at the server; and encrypting at the first user device the original image using the facial recognition key to generate an encrypted original image, wherein the encrypted original image is configured to be stored at the server, wherein the user is authenticated for purposes of data recovery using a facial recognition process.
8. The method of claim 7, wherein the facial recognition process includes: generating at the second user device the facial recognition key by decrypting using the recovered dynamic password the encrypted facial recognition key received from the server; capturing at the second user device a new image of the user; delivering from the second user device the facial recognition key and the new image to the server, wherein the server compares the new image to the original image that is accessed by decrypting the encrypted original image with the facial recognition key; and receiving at the second user device from the server the one or more encrypted data items when the new image closely matches the original image.
9. The method of claim 8, further comprising: performing a liveliness test at the first user device when capturing the original image; and performing another liveliness test at the second user device when capturing the new image.
10. The method of claim 1, further comprising: collecting a new set of one or more identity factors at the user device, wherein the new set of one or more identity factors replaces the one or more identity factors; generating at the user device a new dynamic password based on the new set of one or more identity factors and the Salt; and encrypting at the user device the data key using the new dynamic password to generate a new encrypted data key, wherein the new encrypted data key replaces the encrypted data key and is configured to be stored at the server, wherein the one or more data items are recoverable by presenting the new set of one or more identity factors to the server.
11. A non-transitory computer-readable medium storing a computer program for recovering data, the computer-readable medium comprising: program instructions for collecting one or more identity factors at a user device, wherein hashes of the one or more identity factors are configured to be stored at a server; program instructions for generating at the user device a dynamic password based on the one or more identity factors and a Salt configured to be generated by the server and configured to be delivered to the user device, the program instructions for generating the dynamic password including: program instructions for generating a string including at least one of the one or more identity factors and one or more hashes of at least one of the one or more identity factors; and program instructions for hashing the string using a hash algorithm; program instructions for generating at the user device a data key and encrypting the data key using the dynamic password to generate an encrypted data key, wherein the encrypted data key is configured to be stored at the server; and program instructions for encrypting at the user device one or more data items using the data key to generate one or more encrypted data items, wherein the one or more encrypted data items are configured to be stored at the server, wherein the one or more data items are recoverable by presenting the one or more identity factors to the server.
12. The non-transitory computer-readable medium of claim 11, further comprising: program instructions for collecting one or more regenerated identity factors at the user device and sending one or more hashes of the one or more regenerated identity factors to the server for comparison against the hashes of the one or more identity factors, wherein the Salt is configured to be delivered to the user device when the one or more hashes of the one or more regenerated identity factors closely match the hashes of the one or more identity factors; program instructions for generating at the user device a recovered dynamic password based on the one or more regenerated identity factors and the Salt received from the server; program instructions for decrypting at the user device using the recovered dynamic password the encrypted data key received from the server; and program instructions for decrypting at the user device the one or more encrypted data items using the data key, the one or more encrypted data items being received from the server.
13. The non-transitory computer-readable medium of claim 11, wherein the user device is a first user device, the non-transitory computer-readable medium further comprising: program instructions for collecting one or more regenerated identity factors at a second user device and sending one or more hashes of the one or more regenerated identity factors to the server for comparison against the hashes of the one or more identity factors, wherein the Salt is configured to be delivered to the second user device when the one or more hashes of the one or more regenerated identity factors closely match the hashes of the one or more identity factors; program instructions for generating at the second user device a recovered dynamic password based on the one or more regenerated identity factors and the Salt received from the server; program instructions for decrypting at the second user device using the recovered dynamic password the encrypted data key received from the server; and program instructions for decrypting at the second user device the one or more encrypted data items using the data key, the one or more encrypted data items being received from the server.
14. The non-transitory computer-readable medium of claim 11, further comprising: wherein one of the one or more identity factors comprises a verifiable identity factor associated with an asset whose ownership is verifiable by the server, program instructions for sending from the user device to the server access information for accessing the asset, wherein the server delivers an authentication code to the asset; and program instructions for sending from the user device the authentication code to the server for verification of ownership of the asset.
15. The non-transitory computer-readable medium of claim 11, further comprising: program instructions for collecting a new set of one or more identity factors at the user device, wherein the new set of one or more identity factors replaces the one or more identity factors; program instructions for generating at the user device a new dynamic password based on the new set of one or more identity factors and the Salt; and program instructions for encrypting at the user device the data key using the new dynamic password to generate a new encrypted data key, wherein the new encrypted data key replaces the encrypted data key and is configured to be stored at the server, wherein the one or more data items are recoverable by presenting the new set of one or more identity factors to the server.
16. A computer system comprising: a processor; and memory coupled to the processor and having stored therein instructions that, if executed by the processor, cause the processor to execute a method for recovering data comprising: collecting one or more identity factors at a user device, wherein hashes of the one or more identity factors are configured to be stored at a server; generating at the user device a dynamic password based on the one or more identity factors and a Salt configured to be generated by the server and configured to be delivered to the user device, the generating the dynamic password including: generating a string including at least one of the one or more identity factors and one or more hashes of at least one of the one or more identity factors; and hashing the string using a hash algorithm; generating at the user device a data key and encrypting the data key using the dynamic password to generate an encrypted data key, wherein the encrypted data key is configured to be stored at the server; and encrypting at the user device one or more data items using the data key to generate one or more encrypted data items, wherein the one or more encrypted data items are configured to be stored at the server, wherein the one or more data items are recoverable by presenting the one or more identity factors to the server.
17. The computer system of claim 16, the method further comprising: collecting one or more regenerated identity factors at the user device and sending one or more hashes of the one or more regenerated identity factors to the server for comparison against the hashes of the one or more identity factors, wherein the Salt is configured to be delivered to the user device when the one or more hashes of the one or more regenerated identity factors closely match the hashes of the one or more identity factors; generating at the user device a recovered dynamic password based on the one or more regenerated identity factors and the Salt received from the server; decrypting at the user device using the recovered dynamic password the encrypted data key received from the server; and decrypting at the user device the one or more encrypted data items using the data key, the one or more encrypted data items being received from the server.
18. The computer system of claim 16, wherein the user device is a first user device, the method further comprising: collecting one or more regenerated identity factors at a second user device and sending one or more hashes of the one or more regenerated identity factors to the server for comparison against the hashes of the one or more identity factors, wherein the Salt is configured to be delivered to the second user device when the one or more hashes of the one or more regenerated identity factors closely match the hashes of the one or more identity factors; generating at the second user device a recovered dynamic password based on the one or more regenerated identity factors and the Salt received from the server; decrypting at the second user device using the recovered dynamic password the encrypted data key received from the server; and decrypting at the second user device the one or more encrypted data items using the data key, the one or more encrypted data items being received from the server.
19. The computer system of claim 16, wherein one of the one or more identity factors comprises a verifiable identity factor associated with an asset whose ownership is verifiable by the server, the method further comprising: sending from the user device to the server access information for accessing the asset, wherein the server delivers an authentication code to the asset; and sending from the user device the authentication code to the server for verification of ownership of the asset.
20. The computer system of claim 16, the method further comprising: collecting a new set of one or more identity factors at the user device, wherein the new set of one or more identity factors replaces the one or more identity factors; generating at the user device a new dynamic password based on the new set of one or more identity factors and the Salt; and encrypting at the user device the data key using the new dynamic password to generate a new encrypted data key, wherein the new encrypted data key replaces the encrypted data key and is configured to be stored at the server, wherein the one or more data items are recoverable by presenting the new set of one or more identity factors to the server.
21. The method of claim 1, wherein: the generating the string includes generating the string based on a predefined order of the at least one of the one or more identity factors and the one or more hashes of at least one of the one or more identity factors.
22. The method of claim 1, wherein: the dynamic password is not sent to the server.
23. A method, comprising: collecting one or more identity factors at a user device, wherein hashes of the one or more identity factors are configured to be stored at a server; generating at the user device a dynamic password based on the one or more identity factors and a Salt configured to be generated by the server and configured to be delivered to the user device; generating at the user device a data key and encrypting the data key using the dynamic password to generate an encrypted data key, wherein the encrypted data key is configured to be stored at the server; encrypting at the user device one or more data items using the data key to generate one or more encrypted data items, wherein the one or more encrypted data items are configured to be stored at the server, wherein the one or more data items are recoverable by presenting the one or more identity factors to the server; capturing at the user device an original image of a user; generating a facial recognition key at the user device, wherein the facial recognition key comprises a random number; generating at the user device an encrypted facial recognition key using the dynamic password, wherein the encrypted facial recognition key is configured to be stored at the server; and encrypting at the user device the original image using the facial recognition key to generate an encrypted original image, wherein the encrypted original image is configured to be stored at the server, wherein the user is authenticated for purposes of data recovery using a facial recognition process.
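The key hierarchy recited in claims 1, 2 and 10, sketched as an added example (not code from the patent or its applicant): a dynamic password derived from the identity factors and the Salt wraps a random data key, and replacing the factors re-wraps only that key. Assumptions: sorted order stands for the "predefined order", PBKDF2-HMAC-SHA256 stands for the "hash algorithm", "closely match" is taken as an exact match, the HMAC-based `seal`/`unseal` pair is a standard-library stand-in for a vetted AEAD cipher, and every function name is hypothetical.

```python
import hashlib, hmac, secrets

def fhash(factor):                       # hash of one identity factor (stored at the server)
    return hashlib.sha256(factor.encode()).hexdigest()

def dynamic_password(factors, salt):
    ordered = sorted(factors)            # assumption: sorting is the "predefined order"
    string = "\x1f".join(ordered + [fhash(f) for f in ordered]).encode()
    # assumption: PBKDF2-HMAC-SHA256 plays the claimed "hash algorithm", keyed by the Salt
    return hashlib.pbkdf2_hmac("sha256", string, salt, 100_000)

def _stream(key, nonce, n):              # stand-in keystream; use a vetted AEAD in practice
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):                # encrypt-then-MAC with a fresh random nonce
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):                   # verify the tag before decrypting
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong dynamic password or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def enroll(factors, items):              # returns the record the server would hold
    salt, data_key = secrets.token_bytes(16), secrets.token_bytes(32)  # claim 6: random
    return {"salt": salt,                # generated by the server in the claims
            "factor_hashes": sorted(map(fhash, factors)),
            "wrapped_key": seal(dynamic_password(factors, salt), data_key),
            "items": [seal(data_key, i) for i in items]}

def recover(server, factors):            # claim 2: Salt released only on a hash match
    if sorted(map(fhash, factors)) != server["factor_hashes"]:   # exact match assumed
        raise PermissionError("Salt withheld: factor hashes do not match")
    data_key = unseal(dynamic_password(factors, server["salt"]), server["wrapped_key"])
    return [unseal(data_key, c) for c in server["items"]]

def change_factors(server, old, new):    # claim 10: re-wrap the data key only
    data_key = unseal(dynamic_password(old, server["salt"]), server["wrapped_key"])
    server["wrapped_key"] = seal(dynamic_password(new, server["salt"]), data_key)
    server["factor_hashes"] = sorted(map(fhash, new))   # items are left untouched
```

The dynamic password never appears in the server record, which matches claim 22; the server holds only the factor hashes, the Salt, the wrapped key and the ciphertexts.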
Unknown
December 21, 2021